Information Security Administrator
BrightRidge is hiring for an Information Security Administrator.
The Information Security Administrator will provide network and systems security monitoring and proactive remediation for all BrightRidge technology systems. Acts as a liaison with internal and external entities, developing policies and procedures. Proactively monitors standards and regulatory requirements. Partners with staff to support security compliance and audit programs, establish assessments, manage and track risk mitigation and remediation activities.
Administers security policies and/or hardware/software for existing computer networks and systems. Works with Network Administrator and other personnel to develop, implement and monitor all aspects of cyber security for all current and planned networks.
- Evaluate network and systems changes/expansions for security compliance.
- Performs security audits and conducts other functions independently or jointly with technical assistance from IT personnel and other BrightRidge departments.
- Makes recommendations on appropriate security levels for personnel, physical access, and technical security controls.
- Manage external vendor relationships for Cyber Security services.
- Develops Information Security policies and procedures in accordance with FERC, NERC, NIST, ISO and/or other internal or external standards, regulations or needs.
- Confers and coordinates with end-users, consultants and field personnel for the purpose of clarifying detailed network and computer security requirements and operating procedures.
- Prepares and/or assists with the development of company standards such as security procedures and computing equipment specifications.
- Acts as liaison with Auditors and management staff regarding information security issues.
- Monitors the legal and regulatory landscape to proactively address Information Security requirements.
- Develops and delivers appropriate end-user presentations, documentation and training materials to promote information security awareness company-wide.
- Partners with internal staff to develop technical tools to manage information security compliance and audit requirements.
- Reviews latest technical publications and other documentations and/or standards to remain current on new technology and equipment related to computing security and network/systems design, analysis and maintenance applications.
- Conducts studies to evaluate the feasibility of new technology and estimates resources required to implement new applications.
- Develops and maintains detailed setup procedures (including documentation) for security-related hardware and software used company-wide and for specific applications or networks.
- Monitors network and personal computers for compliance with all computer-related policies.
- Reviews security auditing tools and logs daily for unusual activity and responds appropriately.
- Performs periodic audits of security risk assessments for all functions within the company.
- Evaluate solutions and compliance of existing and new IT systems for Zero Trust security architecture.
- Maintain knowledge of external cloud services and utilize appropriate perform security monitoring. Monitor remote access to cloud services.
- Ability to maintain reliable, predictable and reasonable attendance.
- Perform other duties as requested or assigned.
- Must maintain a valid driver’s license from state of residence.
- Must be available for after-hours work, which would include working a fair share of all necessary overtime.
KNOWLEDGE, SKILLS, AND ABILITIES:
- Excellent knowledge of IT systems and workflows utilized by BrightRidge.
- Knowledge of BrightRidge departments and their functions.
- Knowledge of Information Technology best practices.
- Experience in an Information Security corporate environment.
- Experience in IT Audit, IT Risk, system administration, network and application security concepts.
- Experience with and understanding of NIST and NERC Standards including NERC CIP.
- Direct experience or exposure to the following technologies: Windows, Linux, or other UNIX operating systems, SSO, LDAP, Java, XML, Azure Active Directory, Active Directory Domain Administration.
- Expertise following Governance and Access Control models required.
- In-depth knowledge of regulatory compliance requirements and risk management, including methodologies and tools.
- Must be able to communicate clearly, both orally and in writing.
- Possess excellent time-management skills.
Position requires occasional lifting of up to 20 lbs. Frequent lifting of lesser amounts is required as well as lowering, carrying, static position (head/neck), standing, walking, sitting, talking and simple grasp. Constant vision, hearing, depth perception and arm/hand use for machine control operation are required.
Most work is done in an indoor, climate-controlled environment. However, occasional work is done in substations where there may be dim light, no temperature control and would require the ability to walk on uneven terrain.
- Five years of prior information security or related IT experience, or an equivalent combination of education and experience.
- CISSP, CISA or other security certifications desired.
- Knowledge of Utility business practices preferred.
- B.A. Degree in Computer Science or similar security major preferred. Equivalent professional training and experience in Cyber Security may substitute for a B.A. Degree.
EEO/Affirmative Action Employer/Disability/Veteran/TNDFWP